Cloud computing—key legal issues

The following TMT practice note provides comprehensive and up to date legal information covering:

  • Cloud computing—key legal issues
  • Due diligence
  • Contract documents
  • Use and negotiation of standard terms
  • Acceptable use policy
  • Privacy policy
  • Service description
  • Scope of the services
  • Changes to the service description
  • Service levels
  • More...

Cloud computing—key legal issues

This Practice Note considers the following legal and commercial issues relating to cloud services:

  1. Due diligence

  2. Contract documents

  3. Service description

  4. Service levels

  5. Fees

  6. Data protection

  7. Data portability and backup

  8. Security

  9. Record keeping and audit rights

  10. Compliance with laws

  11. Intellectual property

  12. Supplier liability for content

  13. Liability under the contract

  14. Application of TUPE

  15. Variation of terms

  16. Suspension and termination rights

  17. Business continuity and disaster recovery

  18. Governing law and jurisdiction

  19. Export control laws

  20. Sector specific regulation and guidance

  21. International laws

For an explanation of key cloud concepts and other background information, see Practice Note: Cloud computing—introduction.

For guidance on the laws applicable to cloud services in a number of worldwide jurisdictions, see Practice Note: Getting the Deal Through: Cloud Computing 2021.

This note is primarily focused on business-to-business cloud transactions. Where services are being provided by suppliers to consumers, additional considerations will apply, see: Trading with consumers—overview.

Due diligence

One of the first stages in any cloud transaction is due diligence—a process which can be important for customers in light of the potential inability to significantly influence the contract terms (see: Contract documents below).

Due diligence for cloud deals should cover:

  1. operational history and reliability of supplier—the customer should consider how long the supplier has been operating and request data on historic service level performance

  2. data location, portability and backup—suppliers should be able to tell customers where their data

Popular documents